[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[],[],null,["Security Command Center performs [runtime](#runtime) and [control plane](#control-plane)\nmonitoring of Cloud Run resources. For recommended responses to these\nthreats, see [Respond to Cloud Run\nthreat findings](/security-command-center/docs/respond-cloud-run-threats).\n\nRuntime finding types\n\nThe following runtime detections are available with\n[Cloud Run Threat Detection](/security-command-center/docs/cloud-run-threat-detection-overview):\n- [`Execution: Added Malicious Binary Executed`](/security-command-center/docs/findings/threats/cloud-run-added-malicious-binary-executed)\n- [`Execution: Added Malicious Library Loaded`](/security-command-center/docs/findings/threats/cloud-run-added-malicious-library-loaded)\n- [`Execution: Built in Malicious Binary Executed`](/security-command-center/docs/findings/threats/cloud-run-built-in-malicious-binary-executed)\n- [`Execution: Container Escape`](/security-command-center/docs/findings/threats/cloud-run-container-escape)\n- [`Execution: Kubernetes Attack Tool Execution`](/security-command-center/docs/findings/threats/cloud-run-kubernetes-attack-tool-execution)\n- [`Execution: Local Reconnaissance Tool Execution`](/security-command-center/docs/findings/threats/cloud-run-local-reconnaissance-tool-execution)\n- [`Execution: Malicious Python executed`](/security-command-center/docs/findings/threats/cloud-run-malicious-python-executed)\n- [`Execution: Modified Malicious Binary Executed`](/security-command-center/docs/findings/threats/cloud-run-modified-malicious-binary-executed)\n- [`Execution: Modified Malicious Library Loaded`](/security-command-center/docs/findings/threats/cloud-run-modified-malicious-library-loaded)\n- [`Malicious Script Executed`](/security-command-center/docs/findings/threats/cloud-run-malicious-script-executed)\n- [`Malicious URL Observed`](/security-command-center/docs/findings/threats/cloud-run-malicious-url-observed)\n- [`Reverse Shell`](/security-command-center/docs/findings/threats/cloud-run-reverse-shell)\n- [`Unexpected Child Shell`](/security-command-center/docs/findings/threats/cloud-run-unexpected-child-shell)\n\nControl plane finding types\n- The following control plane detections are available with [Event Threat Detection](/security-command-center/docs/concepts-event-threat-detection-overview):\n- [`Execution: Cryptomining Docker Image`](/security-command-center/docs/findings/threats/cloud-run-cryptomining-docker-images)\n- [`Impact: Cryptomining Commands`](/security-command-center/docs/findings/threats/cloud-run-jobs-cryptomining-commands)\n- [`Privilege Escalation: Default Compute Engine Service Account SetIAMPolicy`](/security-command-center/docs/findings/threats/cloud-run-services-set-iam-policy)"]]
